external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-03-30 23:37:05 +00:00
Code Issues Releases Wiki Activity

Merge b0540e54c4 into 3efd4257b5

Browse Source
This commit is contained in:
McClain Looney 2025-03-22 01:20:41 +01:00 committed by GitHub
commit 29b8af6f5d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
management/ssl_certificates.py
View File

@ -93,13 +93,13 @@ def get_ssl_certificates(env):
# Sort the certificates to prefer good ones.
import datetime
now = datetime.datetime.utcnow()
now = datetime.datetime.now(datetime.UTC)
ret = { }
for domain, cert_list in domains.items():
#for c in cert_list: print(domain, c.not_valid_before, c.not_valid_after, "("+str(now)+")", c.issuer, c.subject, c._filename)
cert_list.sort(key = lambda cert : (
# must be valid NOW
cert["cert"].not_valid_before <= now <= cert["cert"].not_valid_after,
cert["cert"].not_valid_before.astimezone(datetime.UTC) <= now <= cert["cert"].not_valid_after.astimezone(datetime.UTC),
# prefer one that is not self-signed
cert["cert"].issuer != cert["cert"].subject,
@ -567,8 +567,8 @@ def check_certificate(domain, ssl_certificate, ssl_private_key, warn_if_expiring
# Check that the certificate hasn't expired. The datetimes returned by the
# certificate are 'naive' and in UTC. We need to get the current time in UTC.
import datetime
now = datetime.datetime.utcnow()
if not(cert.not_valid_before <= now <= cert.not_valid_after):
now = datetime.datetime.now(datetime.UTC)
if not(cert.not_valid_before.astimezone(datetime.UTC) <= now <= cert.not_valid_after.astimezone(datetime.UTC)):
return (f"The certificate has expired or is not yet valid. It is valid from {cert.not_valid_before} to {cert.not_valid_after}.", None)
# Next validate that the certificate is valid. This checks whether the certificate
@ -604,7 +604,7 @@ def check_certificate(domain, ssl_certificate, ssl_private_key, warn_if_expiring
# But is it expiring soon?
cert_expiration_date = cert.not_valid_after
ndays = (cert_expiration_date-now).days
ndays = (cert_expiration_date.astimezone(datetime.UTC)-now).days
if not rounded_time or ndays <= 10:
# Yikes better renew soon!
expiry_info = "The certificate expires in %d days on %s." % (ndays, cert_expiration_date.date().isoformat())

7
management/status_checks.py
View File

@ -259,6 +259,7 @@ def check_free_memory(rounded_values, env, output):
if rounded_values: memory_msg = "System free memory is below 10%."
output.print_error(memory_msg)
import subprocess
def run_network_checks(env, output):
# Also see setup/network-checks.sh.
@ -269,8 +270,8 @@ def run_network_checks(env, output):
# Stop if we cannot make an outbound connection on port 25. Many residential
# networks block outbound port 25 to prevent their network from sending spam.
# See if we can reach one of Google's MTAs with a 5-second timeout.
_code, ret = shell("check_call", ["/bin/nc", "-z", "-w5", "aspmx.l.google.com", "25"], trap=True)
if ret == 0:
ret = subprocess.run("/usr/bin/nc -z -w5 aspmx.l.google.com 25", shell=True, capture_output=True)
if ret.returncode == 0:
output.print_ok("Outbound mail (SMTP port 25) is not blocked.")
else:
output.print_error("""Outbound mail (SMTP port 25) seems to be blocked by your network. You
@ -968,6 +969,8 @@ def check_miab_version(env, output):
output.print_ok("Mail-in-a-Box is up to date. You are running version %s." % this_ver)
elif latest_ver is None:
output.print_error("Latest Mail-in-a-Box version could not be determined. You are running version %s." % this_ver)
elif re.match(r'[A-F,0-9]{40}', this_ver, re.I):
output.print_ok("This version appears to be a git checkout (%s). Good luck!" % this_ver[0:7])
else:
output.print_error(f"A new version of Mail-in-a-Box is available. You are running version {this_ver}. The latest version is {latest_ver}. For upgrade instructions, see https://mailinabox.email. ")

1
setup/management.sh
View File

@ -105,7 +105,6 @@ exec gunicorn -b localhost:10222 -w 1 --timeout 630 wsgi:app
EOF
chmod +x $inst_dir/start
cp --remove-destination conf/mailinabox.service /lib/systemd/system/mailinabox.service # target was previously a symlink so remove it first
hide_output systemctl link -f /lib/systemd/system/mailinabox.service
hide_output systemctl daemon-reload
hide_output systemctl enable mailinabox.service

1
setup/munin.sh
View File

@ -65,7 +65,6 @@ mkdir -p /var/lib/munin-node/plugin-state/
ln -sf "$PWD/management/munin_start.sh" /usr/local/lib/mailinabox/munin_start.sh
chmod 0744 /usr/local/lib/mailinabox/munin_start.sh
cp --remove-destination conf/munin.service /lib/systemd/system/munin.service # target was previously a symlink so remove first
hide_output systemctl link -f /lib/systemd/system/munin.service
hide_output systemctl daemon-reload
hide_output systemctl unmask munin.service
hide_output systemctl enable munin.service

4
setup/preflight.sh
View File

@ -12,8 +12,8 @@ fi
# Pull in the variables defined in /etc/os-release but in a
# namespace to avoid polluting our variables.
source <(cat /etc/os-release | sed s/^/OS_RELEASE_/)
if [ "${OS_RELEASE_ID:-}" != "ubuntu" ] || [ "${OS_RELEASE_VERSION_ID:-}" != "22.04" ]; then
echo "Mail-in-a-Box only supports being installed on Ubuntu 22.04, sorry. You are running:"
if [ "${OS_RELEASE_ID:-}" != "ubuntu" ] || [ "${OS_RELEASE_VERSION_ID:-}" != "24.04" ]; then
echo "Mail-in-a-Box only supports being installed on Ubuntu 24.04, sorry. You are running:"
echo
echo "${OS_RELEASE_ID:-"Unknown linux distribution"} ${OS_RELEASE_VERSION_ID:-}"
echo